cve/CVE-2025-7396.md at b99156590a6b0c1cf0b374aa41887d37143570c8

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assembly builds, and the small Curve25519 feature. While the side-channel attack on extracting a private key would be very difficult to execute in practice, enabling blinding provides an additional layer of protection for devices that may be more susceptible to physical access or side-channel observation.

POC

Reference

No PoCs from references.

Github

https://github.com/17seetwice/wolfssl_mlkem_ascon
https://github.com/ARPSyndicate/cve-scores
https://github.com/deepin-community/wolfssl
https://github.com/faojdoai324234s/wolfSSL
https://github.com/wolfSSL/Arduino-wolfSSL
https://github.com/wolfSSL/wolfssl

1.2 KiB Raw Blame History

CVE-2025-7396

Description

POC

Reference

Github

1.2 KiB

Raw Blame History